~ Rapport de ZHPDiag v2013.12.26.23 - Nicolas Coolman (26/12/2013) ~ Lancé par francoise (27/12/2013 15:57:05) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 GCIE: Google Chrome v23.0.1271.97 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002) Windows Server License Manager Script : OK ~ Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : WQD8Q Windows License : OK Windows Automatic Updates : OK ---\\ Logiciels de protection du système avast! Free Antivirus v8.0.1483.0 Malwarebytes Anti-Malware version 1.75.0.1300 Norton Internet Security v16.0.0.125 Spybot - Search & Destroy 2 v2.0.7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer eMule µTorrent v3.2.0 =>P2P.µTorrent ---\\ Surveillance de Logiciels Adobe Flash Player 11 ActiveX Adobe Reader X ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3068 MB (45% free) System Restore: Activé (Enable) System drive C: has 40 GB (13%) free of 288 GB ---\\ Mode de connexion au système ~ Computer Name: PC-DE-MANU ~ User Name: francoise ~ All Users Names: francoise, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\francoise\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\francoise\AppData\Roaming\ ~ %Desktop% : C:\Users\francoise\Desktop\ ~ %Favorites% : C:\Users\francoise\Favorites\ ~ %LocalAppData% : C:\Users\francoise\AppData\Local\ ~ %StartMenu% : C:\Users\francoise\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 288 Go) D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 42 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.4CC9DF09C3D915BA0A101A11DB684F26] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/11/2013 - 23:42:41.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/57 ~ Mes musiques (My Musics) : 1/18 ~ Mes Videos (My Videos) : 1/7 ~ Mes Favoris (My Favorites) : 1/887 ~ Mes Documents (My Documents) : 2/3521 ~ Mon Bureau (My Desktop) : 4/40 ~ Menu demarrer (Programs) : 1/44 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1384] [MD5.4B3E3F63726F1A456F5FD5ECF08A8719] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904] [PID.3376] [MD5.B6F6228AB545E2819A60C0D63A84E52E] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200] [PID.892] [MD5.1131F49F162539DD4834C67B4E93CD89] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136] [PID.4000] [MD5.498A9E93BCBBB3FBCEAB2ADA3B66658E] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736] [PID.3636] [MD5.A168271E4AC1688C162534D412F283AE] - (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224] [PID.3188] [MD5.2C45AF6FB8AADD7959078CC1B13B1A65] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [206128] [PID.2152] [MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.3472] [MD5.692493B9136287C06DE23F7CE823FC40] - (.Hewlett-Packard - HP Wireless Assistant main program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432] [PID.3084] [MD5.3C6BA8973C6071341EB4907B06C311AC] - (.Brother Industries, Ltd. - Brother Status Monitor MFC Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592] [PID.1768] [MD5.33C014C1709F7222CEFF61B780EDC967] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.3192] [MD5.4400C3143778C1DF92D46C98688A9925] - (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393] [PID.4156] [MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.4184] [MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.4232] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.4240] [MD5.981D739EF92AA67DD790DF5F59E3B6D4] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3865504] [PID.4260] [MD5.5DBF1E0450D1E8B896D9AD0F8AA6499C] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [450659] [PID.4284] [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.4328] [MD5.7527F74EC97B7609838966063522BB18] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [968592] [PID.4352] =>P2P.BitTorrent [MD5.31EBC020D9B2D6239E2AF90BD48B6E60] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20587680] [PID.4384] [MD5.2DA1426E6D9C119A776AB9C75CAE335F] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe [450560] [PID.4424] [MD5.F7E1CCBAD109329203AACB1E87BE614C] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\francoise\AppData\Roaming\Dropbox\bin\Dropbox.exe [27776968] [PID.4468] [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4788] [MD5.5D2B75226D64C9FB92F89BCB917540E2] - (.Brother Industries, Ltd. - Status Monitor (Network).) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe [184320] [PID.5288] [MD5.BA7D56C1F3DD385EE58ADDA14C6FFB54] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.5652] [MD5.F28C33D2589F7B89185F3B9445641F84] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [628016] [PID.3516] [MD5.93F95BFF3C560A7D83D78FC9B95DBB7B] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.5488] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1732] [MD5.43E6F2A7FB182F2D7CB0CE5B8F1005CF] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757488] [PID.1668] [MD5.870DF389D7676EDBB635141336A867C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8302080] [PID.2092] [MD5.ECEA2C66EBA281E9D5A5F8EA54D0630C] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [724992] [PID.1096] [MD5.3017DF7A43E5FC7E361C7B161DD9C81A] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [237657] [PID.1208] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1524] [MD5.6D0AC28C5BD8D8495F83F5929A45E559] - (.Hewlett-Packard Corporation - HpService.) -- C:\Windows\system32\Hpservice.exe [19456] [PID.1656] [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1956] [MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.324] [MD5.D3FACB34FFF5DB91ADB70987838F8BA7] - (.brother Industries Ltd - brsvc01a.) -- C:\Windows\system32\brsvc01a.exe [57344] [PID.584] [MD5.F01964D14C12496F5297B8C2E16CEFA1] - (.brother Industries Ltd - brss01a.exe.) -- C:\Windows\system32\brss01a.exe [45056] [PID.616] [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.200] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2568] [MD5.3B1B2EE9DF189F6BBB080BF393D1B2EE] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [77824] [PID.2832] [MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2852] [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2868] [MD5.F55442690A70A0278A7EED4FAAEBF576] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [92216] [PID.2904] [MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.3092] [MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408] [PID.3120] [MD5.E0E4A1F81A7D69C595A8A9DDAD084C19] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [769432] [PID.3284] [MD5.309970047D2810380B34A629FC1CFEDD] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [115560] [PID.3392] [MD5.BC0A4D47472B042537F4E57B950415FA] - (.Pas de propriétaire - STServices.) -- C:\Program Files\SMINST\BLService.exe [365952] [PID.3484] [MD5.805AE1F90C64758D19AAA001CF8CBA12] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734] [PID.3500] [MD5.8DCD2C2AA1DEBE7EDAAC90E398765976] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1181104] [PID.3544] [MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3644] [MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944] [PID.3696] [MD5.D89083C4EB02DACA8F944B0E05E57F9D] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880] [PID.3732] [MD5.5DE1BE0423C8CC00E8C47DBF4F987DD4] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1185704] [PID.716] [MD5.92C58389ECAB46B7A47C7FB6A8CF5526] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528] [PID.1412] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3860] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3848] [MD5.45A12CACB97B4F15858FCFD59355A1E9] - (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496] [PID.4628] [MD5.640E51DB253265C3EAC075866B3D2B33] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [791608] [PID.5424] [MD5.12E94E225BD7B05A2BCCD5C0B841E921] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [222512] [PID.5816] [MD5.E8A39D41474BE42FD8830CED32932D6C] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553440] [PID.5984] [MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.5192] ~ Processes Running: Scanned in 00mn 07s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\francoise\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll ~ BHO: 22 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll O3 - Toolbar: AOL Toolbar - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll =>Toolbar.Bing O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Allok 3GP PSP MP4 iPod Video Converter.lnk . (...) -- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\Allok 3GP PSP MP4 iPod Video Converter.exe O4 - GS\Desktop [Public]: Bigasoft iPhone Ringtone Maker.lnk . (.Bigasoft Corporation - iPhone Ringtone Maker.) -- C:\Program Files\Bigasoft\iPhone Ringtone Maker\ringtonemaker.exe =>Adware.SPointer O4 - GS\Desktop [Public]: Easy Photo Uploader.lnk . (.Obvious Idea - Easy Photo Uploader For Facebook.) -- C:\Program Files\EasyPhotoUploader\EasyPhotoUploader.exe O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O4 - GS\Desktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSLauncher.exe O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Welcome Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\Desktop [Public]: SpywareBlaster.lnk . (...) -- C:\Program Files\SpywareBlaster\spywareblaster.exe O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - GS\Program [Public]: Pour les enfants.lnk . (.EasyBits Software AS - For Kids.) -- C:\Program Files\EasyBits For Kids\Promo\ezKidsReady.exe =>.EasyBits Software AS O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Welcome Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\QuickLaunch [francoise]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [francoise]: GrabIt.lnk . (...) -- C:\Program Files\GrabIt\GrabIt.exe O4 - GS\QuickLaunch [francoise]: HP MediaSmart.lnk . (...) -- C:\Windows\Installer\{A7AC8E69-01FF-494E-9A2C-423B82CEA604}\_3D6C77F60D97007F65EA64.exe O4 - GS\QuickLaunch [francoise]: Infotravail.lnk - Clé orpheline O4 - GS\QuickLaunch [francoise]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [francoise]: Meteo.lnk - Clé orpheline O4 - GS\QuickLaunch [francoise]: Pages Annuaire.lnk - Clé orpheline O4 - GS\QuickLaunch [francoise]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [francoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [francoise]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [francoise]: adobe PS CS5 keygen.lnk . (...) -- C:\Users\francoise\Downloads\JDownloader\Adobe PS CS5 keygen\adobe_PS_CS5_keygen.exe (.not file.) O4 - GS\Desktop [francoise]: Cuiclic.lnk . (...) -- C:\Users\francoise\AppData\Local\SquareClock\SQ.3D.Modeller.exe O4 - GS\Desktop [francoise]: GrabIt.lnk . (...) -- C:\Program Files\GrabIt\GrabIt.exe O4 - GS\Desktop [francoise]: Housecall Launcher.lnk . (.Trend Micro Inc. - Trend Micro Application Launcher.) -- C:\Users\francoise\Documents\Antivirus SECUSER.COM\HousecallLauncher.exe O4 - GS\Desktop [francoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [francoise]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) -- C:\Program Files\MagicISO\MagicISO.exe O4 - GS\Desktop [francoise]: Xtremsplit.lnk . (.Inekman - Xtremsplit v1.2.) -- C:\Users\francoise\Documents\Xtremsplit.exe ~ Global Startup: 103 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [francoise]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\francoise\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox O4 - GS\Startup [francoise]: regmonstd.lnk . (...) -- C:\Program Files\01hl.dat,XFG00 (.not file.) O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDAgent] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe O4 - HKLM\..\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Run: [SmartMenu] . (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe O4 - HKLM\..\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant main program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor MFC Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - HKLM\..\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files\Brother\ControlCenter3\brctrcen.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe O4 - HKLM\..\Run: [PaperPort PTD] . (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\cfc196c1-abda-4351-944b-e69c53e5f512.exe O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [orangeinside] . (...) -- C:\Users\francoise\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-21-1402427300-2543588900-4284595592-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-1402427300-2543588900-4284595592-1000\..\Run: [orangeinside] . (...) -- C:\Users\francoise\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe O4 - HKUS\S-1-5-21-1402427300-2543588900-4284595592-1000\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-1402427300-2543588900-4284595592-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF3C7C-D241-4FD7-88C5-6008C6F931C7}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{49CF6C8C-4349-4B48-9D73-9DACFED0A61D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF3C7C-D241-4FD7-88C5-6008C6F931C7}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{49CF6C8C-4349-4B48-9D73-9DACFED0A61D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF3C7C-D241-4FD7-88C5-6008C6F931C7}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{49CF6C8C-4349-4B48-9D73-9DACFED0A61D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{25AF3C7C-D241-4FD7-88C5-6008C6F931C7}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{49CF6C8C-4349-4B48-9D73-9DACFED0A61D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Power Control [2009/05/30 04:57:24] ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl ~ Services: 25 Legitimates Filtered in 00mn 08s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\wallpaper\img24.jpg O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\wallpaper\img24.jpg ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (BHDrvx86) . (. - .) - C:\Windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys (.not file.) O41 - Driver: (ccHP) . (. - .) - C:\Windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys (.not file.) O41 - Driver: (SRTSPX) . (. - .) - C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.sys (.not file.) O41 - Driver: (SYMTDI) . (. - .) - C:\Windows\system32\drivers\NIS\1000000.07D\SYMTDI.sys (.not file.) ~ Drivers: 102 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\37180InstEnd] [HKCU\Software\IncrediMail] ~ Key Software: 326 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 25/10/2013 - 17:25:31 - [11,091] ----D C:\Program Files\EasyPhotoUploader O43 - CFD: 07/10/2009 - 17:06:02 - [21,526] ----D C:\Program Files\wxplanning O43 - CFD: 12/05/2011 - 10:14:11 - [33,621] ----D C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} O43 - CFD: 14/07/2011 - 08:47:50 - [19,385] ----D C:\Users\francoise\AppData\Local\{21E1993A-5A39-4983-9EF3-A33B8DA935E7} ~ 313 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 543 Legitimates Filtered in 01mn 31s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.188E68005ED62F32248032C65CB4DE96] - 24/12/2013 - 14:56:23 ---A- . (...) -- C:\Windows\System32\Microsoft.VC80.CRT.manifest [1870] O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 27/12/2013 - 15:14:40 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52] ~ Files: 14 Legitimates Filtered in 00mn 07s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.D4A6E49B437E8E199ED0191D128FFEB1] - 05/12/2013 - 02:24:32 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-89581B64.pf =>PUP.BitGuard O45 - LFCP:[MD5.275660D0EA410034B5C6E5C0F1CAA144] - 12/12/2013 - 12:03:07 ---A- - C:\Windows\Prefetch\BRMFCWND.EXE-8DEE6BEE.pf O45 - LFCP:[MD5.31878E1AEE0DB469134653E631087F78] - 20/12/2013 - 15:29:28 ---A- - C:\Windows\Prefetch\CASLEXEC.EXE-3894EAD8.pf O45 - LFCP:[MD5.ADF173946EF207B3711F04704369B82D] - 21/12/2013 - 11:25:41 ---A- - C:\Windows\Prefetch\CFC196C1-ABDA-4351-944B-E69C5-11A14C5F.pf O45 - LFCP:[MD5.32E1DCB0578E1AB7A807A7B543004CA9] - 22/12/2013 - 11:25:48 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-93A3931F.pf =>Hijacker.BabSolution O45 - LFCP:[MD5.9739D8C4C06E0BF3A3BDFF1DA808E978] - 25/12/2013 - 22:16:53 ---A- - C:\Windows\Prefetch\BRCTRCEN.EXE-82BEE783.pf O45 - LFCP:[MD5.1A77AEC23CBF1C361B94910AFFBADEA4] - 27/12/2013 - 00:05:06 ---A- - C:\Windows\Prefetch\BRMFIMON.EXE-B29B7CD9.pf O45 - LFCP:[MD5.036EBD4A2812B17A7314052D9AB0ACE5] - 27/12/2013 - 11:52:51 ---A- - C:\Windows\Prefetch\HIDDATA.EXE-98129A0B.pf O45 - LFCP:[MD5.DC72B435D4E1DFEECF4AE77A8FF953E1] - 27/12/2013 - 11:52:57 ---A- - C:\Windows\Prefetch\BRCCMCTL.EXE-CE9221B6.pf ~ Prefetcher: 136 Legitimates Filtered in 00mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{5b59b53d-8fe0-11df-9782-00238bd301a6}\AutoRun\command. (...) -- G:\bu8.exe (.not file.) O51 - MPSK:{add6921e-994d-11df-b131-00238bd301a6}\AutoRun\command. (...) -- G:\launcher.exe (.not file.) O51 - MPSK:{c5c93be0-adee-11e0-bed0-806e6f6e6963}\AutoRun\command. (...) -- F:\setup_vmb_lite.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.657A61979F40D67CA29716149766FFA7] - 07/03/2013 - 00:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248] O58 - SDL:[MD5.EDB0C9BA44B748E420CCA989FD8B826E] - 07/03/2013 - 00:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736] O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584] O58 - SDL:[MD5.004B2EA6CC2598EC5F0552E43CE29CEF] - 04/09/2008 - 18:47:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome.) -- C:\Windows\System32\Drivers\enecir.sys [54784] O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944] O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944] O58 - SDL:[MD5.8D9C68FA8B7FBE0E225BDE0BBCD8CE9B] - 27/09/2010 - 18:55:08 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [9216] O58 - SDL:[MD5.84C78B53838BDEC2B0853ADC782CD5DE] - 26/10/2008 - 21:50:56 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [391168] O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648] O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408] O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816] O58 - SDL:[MD5.8BF5D980CDCE35FB26F05047144BB57E] - 28/09/2012 - 10:32:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [44544] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 17 Legitimates Filtered in 00mn 15s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 24/12/2013 - 16:00:03 ---A- . (...) -- C:\Users\francoise\AppData\Local\Macroplant_LLC\iExplorer.exe_Url_vuyuyadjvodibfobn54iudw21hckk3ot\3.2.5.0\user.config [1359] O61 - LFC: 24/12/2013 - 16:02:30 ---A- . (...) -- C:\Users\francoise\Documents\Log pour iPhone\iExplorer.v3.2.2.0.zip [15132836] O61 - LFC: 24/12/2013 - 16:02:30 ---A- . (...) -- C:\Users\francoise\Documents\Log pour iPhone\iExplorer_3_Setup.exe [608168] O61 - LFC: 27/12/2013 - 16:01:47 ---A- . (...) -- C:\Users\francoise\AppData\Roaming\hpqLog\casllogs_CASLExec.xml [149133] O61 - LFC: 27/12/2013 - 16:01:48 ---A- . (...) -- C:\Users\francoise\AppData\Roaming\Media Player Classic\default.mpcpl [124] O61 - LFC: 27/12/2013 - 16:02:11 ---A- . (...) -- C:\Users\francoise\AppData\Roaming\ZHP\Log.txt [24313] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 16:02:11 ---A- . (...) -- C:\Users\francoise\AppData\Roaming\ZHP\TestsZHPDiag.txt [2924] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 16:02:11 ---A- . (...) -- C:\Users\francoise\Documents\ANTIVIRUS\adwcleaner.exe [1233962] O61 - LFC: 27/12/2013 - 16:02:30 ---A- . (...) -- C:\Users\francoise\Documents\Ma liste de DIVX (A INTEGRER DANS LA LISTE DU PC).xlsx [22256] ~ 15 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 3313 Legitimates Filtered in 03mn 27s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 02/11/2006 - C:\Windows\System32\drivers\symc8xx.sys (Symc8xx) .(.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX O64 - Services: CurCS - 01/10/2009 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 20/01/2009 - C:\Windows\System32\DRIVERS\SymIMv.sys (SymIM) .(.Symantec Corporation - NDIS 6.0 Filter Driver for Windows Vista.) - LEGACY_SYMIM ~ Legacy: 130 Legitimates Filtered in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {385FDD83-B95F-4D01-9D55-10DCC8BADC71} - (Kelkoo) - http://fr.kelkoopartners.net O69 - SBI: SearchScopes [HKCU] {5FF4A236-3AE1-4747-B3BE-C65A39970202} - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKCU] {61B32A86-DAE6-4B41-A4AB-A2AA48FB0565} - (Yahoo!) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {672aa132-c0d2-4681-ac96-06ca6001a904} - (iadah) - http://www.iadah.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {9ACF2A26-C56B-4612-B011-26AB70B22766} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent O69 - SBI: SearchScopes [HKCU] {AF48EC79-A35B-402F-AC30-39FA0953ECBD} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask O69 - SBI: SearchScopes [HKCU] {f3d17138-0225-4a82-8b31-4d0c3cc1608a} - (Searcheo) - http://www.searcheo.fr =>Hijacker.Searcheo ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Users\francoise\Documents\Nero\Nero_Keygen_ORiON.rar C:\Users\francoise\Documents\Nero\ORiON\Keygen.exe C:\Users\francoise\Documents\Nero\Nero_Keygen_ORiON.rar C:\Users\francoise\Documents\Nero\ORiON\Keygen.exe ~ Files: Scanned in 00mn 44s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.535497CCCA0488854511EAE7358B002F] [SPRF][12/12/2013] (...) -- C:\Users\francoise\AppData\Local\d3d9caps.dat [7512] [MD5.9F81FEA4D9046DBC6566CF9233388EE6] [SPRF][24/12/2013] (.Setup © - Setup.) -- C:\Users\francoise\AppData\Local\Temp\12984uninstall.exe [306688] [MD5.171F1BB73D0238A7A56126D3459ECDCD] [SPRF][15/10/2008] (...) -- C:\Users\francoise\AppData\Local\Temp\Extract.exe [50432] [MD5.158D7926177374F13CD407C5231EEABD] [SPRF][24/12/2013] (.Perion Network Ltd - SweetIM Installer by SweetPacks.) -- C:\Users\francoise\AppData\Local\Temp\IMsetup.exe [7251728] =>PUP.SweetIM [MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][24/12/2013] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\francoise\AppData\Local\Temp\mgsqlite3.dll [393016] =>PUP.SweetIM [MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\francoise\AppData\Local\Temp\Quarantine.exe [360051] [MD5.158D7926177374F13CD407C5231EEABD] [SPRF][24/12/2013] (.Perion Network Ltd - SweetIM Installer by SweetPacks.) -- C:\Users\francoise\AppData\Local\Temp\Shortcut_IMsetup.exe [7251728] =>PUP.SweetIM [MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][24/12/2013] (...) -- C:\Users\francoise\AppData\Local\Temp\Sqlite3.dll [599419] [MD5.EB61AAAE770811578DA355AE9A964569] [SPRF][24/12/2013] (...) -- C:\Users\francoise\AppData\Local\Temp\WSSetup.exe [3569936] [MD5.884E144676C0C9679042E83574822FB9] [SPRF][25/12/2013] (...) -- C:\Users\francoise\AppData\LocalLow\SkwConfig.bin [8432] [MD5.BCD5EBE2E8BB8346CE1AF16975CC7504] [SPRF][24/03/2011] (...) -- C:\Users\francoise\AppData\Roaming\wklnhst.dat [1140] ~ Files: 18 Legitimates Filtered in 00mn 03s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{09599860-F736-44D8-B52A-C518CC1B8095}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr O87 - FAEL: "{1957688E-B11E-4330-BE97-B5D083C305AA}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr O87 - FAEL: "TCP Query User{ED0C58F0-AAE1-46E1-B0BC-4CC492954074}C:\program files\spybot - search & destroy 2\sdfiles.exe" | In - Public - P6 - TRUE | .(.Safer-Networking Ltd. - Single file on-demand scanner.) -- C:\program files\spybot - search & destroy 2\sdfiles.exe O87 - FAEL: "UDP Query User{C715235D-8265-469B-8232-C3692289FF11}C:\program files\spybot - search & destroy 2\sdfiles.exe" | In - Public - P17 - TRUE | .(.Safer-Networking Ltd. - Single file on-demand scanner.) -- C:\program files\spybot - search & destroy 2\sdfiles.exe O87 - FAEL: "{B52F9EFC-9077-466B-8757-54C6AFE08424}" |In - Public - P6 - TRUE | .(...) -- C:\Users\francoise\AppData\Local\Temp\is42483369\8047501_stp\BundleSweetIMSetup.exe (.not file.) =>PUP.SweetIM O87 - FAEL: "{21FDAA74-0D0A-4558-947C-F62B6F593FCE}" |In - Public - P17 - TRUE | .(...) -- C:\Users\francoise\AppData\Local\Temp\is42483369\8047501_stp\BundleSweetIMSetup.exe (.not file.) =>PUP.SweetIM O87 - FAEL: "{F23D8501-69DA-4301-8BE1-CC5D1BE0C4CE}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{42A8F69B-98D4-4AD8-9BB3-0D451232EE2B}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) ~ Firewall: 223 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico =>Toolbar.Bing ~ Update Products: 213 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.00DBF8975B5C9FA73C16F1F084DA75BB] [WIS][12/06/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\10754e.msi [474112] =>Adware.Boxore [MD5.38F86547521805CCEA5DD11C8BF31089] [WIS][08/07/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\36a385.msi [29696] =>PUP.Babylon [MD5.5ECD6571F6BE03C47C022FE6C330F8AC] [WIS][19/09/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\a7fa5fd.msi [24576] =>Adware.Boxore ~ WIS: 221 Legitimates Filtered in 00mn 24s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 01/04/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe SS - | Auto 08/04/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 08/04/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 31/12/2008 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 11/04/2002 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\system32\brsvc01a.exe SR - | Demand 19/11/2008 222512 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 23/02/2011 125496 | (HP Health Check Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe SR - | Auto 25/01/2011 92216 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe SR - | Demand 25/01/2011 791608 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe SR - | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) - C:\Windows\System32\Hpservice.exe SR - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe SR - | Auto 20/01/2009 115560 | (Norton Internet Security) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe SR - | Auto 17/12/2008 365952 | (Recovery Service for Windows) . (...) - C:\Program Files\SMINST\BLService.exe SR - | Auto 15/09/2008 241734 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe SR - | Auto 07/02/2012 1181104 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe SR - | Auto 07/02/2012 1185704 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 07/02/2012 166528 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe SR - | Auto 28/03/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Auto 26/10/2008 237657 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 28/11/2008 87536 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl ~ Services: Scanned in 00mn 26s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by francoise at 27/12/2013 16:04:50 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13013 - (26/12/2013) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 3 Fichiers trouvés (Files found) : 11 [HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore [HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^ C:\Users\francoise\AppData\Local\Software =>Adware.Boxore C:\Users\francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch C:\Users\francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^ C:\Users\francoise\AppData\Local\Temp\IMsetup.exe =>PUP.SweetIM^ C:\Users\francoise\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM^ C:\Users\francoise\AppData\Local\Temp\Shortcut_IMsetup.exe =>PUP.SweetIM^ C:\Windows\Installer\10754e.msi =>Adware.Boxore^ C:\Windows\Installer\36a385.msi =>PUP.Babylon^ C:\Windows\Installer\a7fa5fd.msi =>Adware.Boxore^ C:\Users\francoise\AppData\Local\Temp\BundleSweetIMSetup.exe.8254387 =>PUP.SweetIM C:\Users\francoise\AppData\Local\Temp\1387893496_8431994_98_4.tmp =>PUP.SweetIM ~ Additionnel Scan: 524788 Items scanned in 00mn 57s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/30956590-hijacker-searcheo =>Hijacker.Searcheo ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay ~ MSI: 11 link(s) detected in 00mn 57s ~ 5136 Legitimates filtered by white list End of the scan (688 lines in 08mn 43s)(4)